Certified Information Security Manager (CISM) — Question 46
Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?
Answer options
- A. Incident response and recovery plans are documented in simple language
- B. Copies of recovery and incident response plans are kept offsite
- C. Teams and individuals responsible for recovery have been identified
- D. Risk acceptance by the business has been documented
Correct answer: C
Explanation
The correct answer, C, emphasizes the necessity of identifying the teams and individuals responsible for recovery, as their roles are essential during testing. Options A and B, while important for clarity and accessibility, do not directly relate to the execution of the continuity test. Option D, although relevant, focuses on risk management rather than the immediate preparation for testing.